iredmail-doc/en_US/howto/enable.dnsbl.md

# Enable DNSBL service in Postfix to reduce spam

!!! attention

    If you're running a high-traffic mail server, you'd better setup a local
    DNS server to cache DNS queries, because free RBL services like
    `zen.spamhaus.org` may improperly reply if your server exceed the DNS
    query limit. Also, mail service higly relies on DNS queries, so a local
    DNS server speeds up the mail flow.

You can enable additional DNSBL services in Postfix to reduce spam. We use
`zen.spamhaus.org` for example below.

* Open Postfix config file `/etc/postfix/main.cf` or
  `/usr/local/etc/postfix/main.cf` (on FreeBSD), append
  `reject_rbl_client zen.spamhaus.org` to parameter `smtpd_recipient_restrictions`.
  Final setting looks like below:

```
smtpd_recipient_restrictions =
    ...
    reject_unauth_destination
    reject_rbl_client zen.spamhaus.org=127.0.0.[2..11]
    reject_rbl_client b.barracudacentral.org=127.0.0.2
```

It must be placed after `reject_unauth_destination`. You can add more DNSBL
services after `reject_unauth_destination`, and they will be queried in the
specified order.

Postfix will perform DNS query against `zen.spamhaus.org`, and wait for the
response code, only `127.0.0.2` to `127.0.0.11` are meaningful, so we use
`=127.0.0.[2..11]` to tell Postfix only reject clients when we get those
response code.

* If you have postscreen service enabled, you should add DNSBL services for
  postscreen service instead, so please don't use any `reject_rbl_client` in
  `smtpd_recipient_restrictions` parameter, but use below one instead:

```
postscreen_dnsbl_sites =
    zen.spamhaus.org=127.0.0.[2..11]*3
    b.barracudacentral.org=127.0.0.2*2
```

* Restart or reload Postfix service is required.

## See also

* [Enable postscreen service](./enable.postscreen.html)

## References

* [Postfix Configuration Parameters: reject_rbl_client](http://www.postfix.org/postconf.5.html#reject_rbl_client)
* [Spamhaus website](http://www.spamhaus.org)

    * [Spamhaus DNSBL Usage Terms](https://www.spamhaus.org/organization/dnsblusage/)
New: howto/enable.dnsbl.md. 2015-03-13 22:34:58 -06:00			`# Enable DNSBL service in Postfix to reduce spam`

Tip: how to share someone's mailbox as public folder. 2016-07-13 21:16:16 -05:00			`!!! attention`
Typo in en_US/howto/enable.dnsbl.md. 2016-03-14 08:24:40 -06:00
			`If you're running a high-traffic mail server, you'd better setup a local`
			`DNS server to cache DNS queries, because free RBL services like`
			`zen.spamhaus.org` may improperly reply if your server exceed the DNS
			`query limit. Also, mail service higly relies on DNS queries, so a local`
			`DNS server speeds up the mail flow.`
Recommend to setup a local DNS server if you're running a high-traffic mail server. 2015-06-13 11:07:45 -05:00
New: howto/enable.dnsbl.md. 2015-03-13 22:34:58 -06:00			`You can enable additional DNSBL services in Postfix to reduce spam. We use`
			`zen.spamhaus.org` for example below.

			* Open Postfix config file `/etc/postfix/main.cf` or
New: en_US/upgrade/0-upgrade.iredmail.0.9.6-0.9.7.md (DRAFT). 2017-02-09 02:39:49 -06:00			`/usr/local/etc/postfix/main.cf` (on FreeBSD), append
			`reject_rbl_client zen.spamhaus.org` to parameter `smtpd_recipient_restrictions`.
			`Final setting looks like below:`
New: howto/enable.dnsbl.md. 2015-03-13 22:34:58 -06:00
			```
Typo in en_US/howto/enable.dnsbl.md. 2016-03-02 10:08:29 -06:00			`smtpd_recipient_restrictions =`
			`...`
			`reject_unauth_destination`
Fix error in dnsbl setting. 2017-03-06 21:58:58 -06:00			`reject_rbl_client zen.spamhaus.org=127.0.0.[2..11]`
Enable dnsbl service b.barracudacentral.org by default. 2018-04-27 02:01:44 -05:00			`reject_rbl_client b.barracudacentral.org=127.0.0.2`
New: howto/enable.dnsbl.md. 2015-03-13 22:34:58 -06:00			```

			It must be placed after `reject_unauth_destination`. You can add more DNSBL
			services after `reject_unauth_destination`, and they will be queried in the
			`specified order.`

New: en_US/upgrade/0-upgrade.iredmail.0.9.6-0.9.7.md (DRAFT). 2017-02-09 02:39:49 -06:00			Postfix will perform DNS query against `zen.spamhaus.org`, and wait for the
			response code, only `127.0.0.2` to `127.0.0.11` are meaningful, so we use
			`=127.0.0.[2..11]` to tell Postfix only reject clients when we get those
			`response code.`

Fix error in dnsbl setting. 2017-03-06 21:58:58 -06:00			`* If you have postscreen service enabled, you should add DNSBL services for`
			postscreen service instead, so please don't use any `reject_rbl_client` in
			`smtpd_recipient_restrictions` parameter, but use below one instead:

			```
			`postscreen_dnsbl_sites =`
			`zen.spamhaus.org=127.0.0.[2..11]*3`
Sync iRedMail upgrade tutorial. 2017-10-05 19:05:42 -05:00			`b.barracudacentral.org=127.0.0.2*2`
Fix error in dnsbl setting. 2017-03-06 21:58:58 -06:00			```

New: howto/enable.dnsbl.md. 2015-03-13 22:34:58 -06:00			`* Restart or reload Postfix service is required.`

Add link of 'enable postscreen' in enable.dnsbl.md. 2015-08-17 22:40:44 -05:00			`## See also`

			`* [Enable postscreen service](./enable.postscreen.html)`

New: howto/enable.dnsbl.md. 2015-03-13 22:34:58 -06:00			`## References`

Fix incorrect link in howto/enable.dnsbl.md. 2015-03-13 23:03:38 -06:00			`* [Postfix Configuration Parameters: reject_rbl_client](http://www.postfix.org/postconf.5.html#reject_rbl_client)`
New: howto/enable.dnsbl.md. 2015-03-13 22:34:58 -06:00			`* [Spamhaus website](http://www.spamhaus.org)`

			`* [Spamhaus DNSBL Usage Terms](https://www.spamhaus.org/organization/dnsblusage/)`